/*
package com.miraclemiles.oauth.config;

import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.cors.CorsUtils;

@EnableAutoConfiguration(exclude = UserDetailsServiceAutoConfiguration.class) // 排除内存用户的自动配置
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
	
	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and()
				// 请求权限配置
				.authorizeRequests()
				// 下边的路径放行,不需要经过认证
				 .antMatchers("/oauth/**", "/user/**", "/actuator/**", "/error", "/open-api/**", "/webhook/event").permitAll()
				// OPTIONS请求不需要鉴权
				 .antMatchers(HttpMethod.OPTIONS).permitAll().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()

				// 其余接口没有角色限制，但需要经过认证，只要携带token就可以放行
				.anyRequest().authenticated();

	}

}
*/
